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Amendments to the Claims : 
This listing of claims replaces all prior versions and listings of claims in the application: 

1 . (Previously presented) A network encryption system, comprising: 
a first network interface, adapted for connection to a protected network; 

a second network interface, adapted for connection to an unprotected network; 

a processing part, which manages the encryption of information payload to be sent to the 
unprotected network, and decryption of information payload which are received from the 
unprotected network, and said processing part includes a microprocessor therein; and 

an encryption and decryption system, including a first high-speed crypto system which 
operates using dedicated hardware components for cryptographic encryption and decryption of a 
first format kind of message, a second high-speed crypto system physically separate from said 
first high-speed crypto system using dedicated hardware components for cryptographic 
encryption and decryption of a second format kind of message different than said first format 
kind of message, and a second, lower speed crypto system, which carries out said cryptographic 
operations without dedicated hardware components. 

2. (Original) A system as in claim 1, wherein said first high-speed crypto system 
uses field programmable gate arrays which are configured to carry out a specific encryption or 
decryption operation. 

3. (Original) A system as in claim 1, wherein said first low-speed crypto system 
includes a first portion using a cryptographic processor, and a second crypto portion using 
software running on a general-purpose processor. 
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4. (Previously presented) A system as in claim 1 , further comprising a key 
management subsystem, physically separate from said processing part and_connected to said 
processing part via a network interface and communicating using a network management 
protocol, said key management subsystem storing encrypted software keys therein. 

5. (Original) A system as in claim 4, wherein said key management subsystem and 
said processing part communicate via Simple Network Management Protocol. 

6. (Original) A system as in claim 4, wherein said key management subsystem stores 
at least one private key by encrypting said keys using a password for the encryption. 

7. (Original) A system as in claim 4, wherein said key management system 
maintains addresses of other key management systems. 

8. (Original) A system as in claim 1, wherein said first high-speed crypto system 
includes at least one card. 

9. (Previously presented) A system as in claim 8, wherein said high-speed crypto 
system includes a first card specialized for encryption of SONET frames and a second high- 
speed crypto system includes.a second card specialized for encryption of ATM cells. 

1 0. (Original) A system as in claim 4, further comprising a security interlock on said 
key management subsystem, and a memory erase function which erases said memory when said 
security interlock is violated. 

1 1 . (Original) A system as in claim 1, wherein said encryption and decryption system 
includes a portion which removes a header associated with the network interface, replaces said 
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header with a cryptographic header, processes said message using the cryptographic header, and 
then generates a new header associated with the network interface. 

12. (Previously presented) A system, comprising: 

a first network interface, adapted for connection to a protected network; 

a second network interface, adapted for connection to an unprotected network; 

a processing part including a third network interface, said processing part managing 
encryption of data from said unprotected network and sending said data to said protected 
network, and managing decryption of data from said protected network and sending said data to 
said unprotected network in a specified form; 

a key management subsystem, storing encrypted keys therein for use in decryption by 
said processing part, physically separate from said processing part and connected to said 
processing part by a network connection, and communicating to said processing part via a 
network protocol and connected to said third network interface; and 

wherein said processing part includes an encryption and decryption system, including a 
high-speed crypto system formed of hardware encryption parts including a first high-speed 
crypto part using dedicated hardware components for cryptographic encryption and decryption of 
a first format kind of message, a second high-speed crypto part physically separate from said first 
high-speed crypto part, using dedicated hardware components for cryptographic encryption and 
decryption of a second format kind of message, different than said first format kind of message. 

1 3 . (Original) A system as in claim 12, wherein said network protocol of said third 
network interface is SNMPV3. 

14. (Original) A system as in claim 12, wherein said unprotected network is a SONET 
network. 
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15. (Original) A system as in claim 12, wherein said unprotected network is an ATM 
network. 

1 6. (Original) A system as in claim 12, wherein said unprotected network is a Frame 
Relay network. 

17. (Original) A system as in claim 12, wherein said unprotected network is a IP 
network. 

18. (Previously presented) A system as in claim 12, wherein said processing part 
includes an encryption and decryption system, including a lower speed crypto system operating 
using a crypto processor. 

19. (Original) A system as in claim 18, wherein said lower speed crypto system 
includes a first part that operates in software, and a second part that operates using a 
cryptographic processor. 

20. (Original) A system as in claim 18, wherein said high-speed crypto system is 
formed of field programmable gate arrays. 

21. (Previously presented) A system as in claim 18, wherein said encryption and 
decryption system operates to remove a header associated with a network protocol of said 
unprotected network, and a header associated with cryptographic functions, process a message 
portion using said header associated with cryptographic functions, and then regenerate a header 
associated with the network protocol. 



22. (Cancelled). 
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23. (Cancelled). 



24. (Previously presented) A system as in claim 1, wherein at least one of said 
network interfaces is an Ethernet network. 



